qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes


From: Daniel P . Berrangé
Subject: Re: [Qemu-devel] [PATCH 5/6] luks: Catch integer overflow for huge sizes
Date: Mon, 12 Mar 2018 11:42:05 +0000
User-agent: Mutt/1.9.2 (2017-12-15)

On Fri, Mar 09, 2018 at 06:27:12PM +0100, Kevin Wolf wrote:
> When you request an image size close to UINT64_MAX, the addition of the
> crypto header may cause an integer overflow. Catch it instead of
> silently truncating the image size.
> 
> Signed-off-by: Kevin Wolf <address@hidden>
> ---
>  block/crypto.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/block/crypto.c b/block/crypto.c
> index 4908d8627f..1b46519c53 100644
> --- a/block/crypto.c
> +++ b/block/crypto.c
> @@ -102,6 +102,11 @@ static ssize_t block_crypto_init_func(QCryptoBlock 
> *block,
>  {
>      struct BlockCryptoCreateData *data = opaque;
>  
> +    if (headerlen > UINT64_MAX - data->size) {
> +        error_setg(errp, "The requested file size is too large");
> +        return -EFBIG;
> +    }
> +
>      /* User provided size should reflect amount of space made
>       * available to the guest, so we must take account of that
>       * which will be used by the crypto header

Reviewed-by: Daniel P. Berrangé <address@hidden>

(if using INT64_MAX as Eric suggests)

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



reply via email to

[Prev in Thread] Current Thread [Next in Thread]